Skip to main content

Security

This FAQ answers common questions about how the Atlan browser extension handles security, what data it accesses, and what browser permissions it uses.

Data access

What data does Atlan browser extension read?

When you're in a supported tool, the extension reads:

  • The URL of your active browser tab
  • DOM elements such as the asset title, hierarchy information, text, and data-test-id attributes to locate the asset

On any other webpage, the extension reads only the favicon, page title, and URL of your browser tab. No other data is accessed.

Is data sent securely?

Yes. The extension accesses all customer resources over HTTPS with SSL certificate verification to prevent tampering.

Permissions

What browser permissions does Atlan browser extension use?

The extension uses the minimum permissions required to function:

  • activeTab: Temporarily accesses the content of the active tab as you interact with the extension. This lets the extension read the URL and DOM elements to locate the asset and display metadata in the sidebar.
  • storage: Stores the domains you've configured locally. This lets the extension remember your settings when you close and reopen your browser.
  • cookies: Manages cookies for maintaining session state between your Atlan tenant and the browser extension. These cookies are only shared between your Atlan tenant and the extension.
  • contextMenus: Adds right-click menu options, such as Search in Atlan, so you can interact with the extension from any webpage.
  • host_permissions: Scopes the extension to work with Atlan tenants, for example https://atlan.com/*.
  • content_scripts: Injects a content script into webpages you visit. Although the script is injected into all pages, it's only executed on supported tools. No DOM elements are captured on unsupported pages.

Security practices

How does Atlan secure extension code?

Atlan applies security controls throughout the extension development lifecycle:

  • Content security policies and input validation to harden the extension
  • Least-privilege access model
  • Code obfuscation to prevent reverse engineering
  • Static and dynamic scanning before each release
  • Mandatory security-focused code reviews before distribution

How quickly are vulnerabilities patched?

Atlan uses CI/CD practices to release frequent updates, enabling rapid patching of identified vulnerabilities. If a post-deployment issue arises, Atlan notifies affected customers promptly.

Who do I contact for security questions?

For any security questions, contact Atlan Support or reach out to #bu-security-and-it on Slack.